10462183

File system monitoring and auditing via monitor system having user-configured policies

PublishedOctober 29, 2019
Assigneenot available in USPTO data we have
Technical Abstract

Patent Claims
21 claims

Legal claims defining the scope of protection, as filed with the USPTO.

1

1. A method to improve a file system monitoring system operating in association with plural file systems in an enterprise computing environment, comprising: probing the enterprise computing environment to discover the plural file systems; providing each of the plural file systems discovered with a software agent that runs locally in the file system to collect file system access activity local to the file system together with network segment traffic that is visible to the software agent; providing each of the plural file systems with a security policy, the security policy defining one or more file system access activities to be monitored and enforced at the file system by the software agent; receiving from each of the plural file systems audit trail data, the audit trail data having been generated locally as file system access activity is intercepted at the file system by the software agent in accordance with the security policy, the audit trail data including any network segment traffic that is visible to the software agent, and one or more classifiers generated by the software agent to classify file system activity that involves sensitive data or application-specific details; and storing the audit trail data received from the plural file systems; and applying the security policy against the audit trail data received from at least one of the plural file systems and, in response thereto, taking a given action; wherein the security policies for the plural file systems are managed and applied centrally for the enterprise computing environment to provide an enterprise-wide view of monitoring and auditing of file system access for the plural file systems while file access activity is collected, enforced and classified locally by the software agent.

2

2. The method as described in claim 1 further including sending the audit trail data to a central location remote from the plural file systems.

3

3. The method as described in claim 1 wherein the given action is one of: issuing an alert, performing an audit activity, restricting access to a file system resource, and reporting on the file system access activity.

4

4. The method as described in claim 1 wherein the audit trail data is received continuously and in real-time with respect to the file system access activity.

5

5. The method as described in claim 1 wherein the security policy provided to a first file system differs from the security policy provided to a second file system distinct from the first file system.

6

6. The method as described in claim 1 further including defining the security policy, the security policy having one or more file system-specific rules.

7

7. The method as described in claim 6 wherein the given action taken is based on the one or more file system-specific rules.

8

8. An apparatus, comprising: a processor; computer memory holding computer program instructions configured to improve a file system monitoring system operating in association with plural file systems in an enterprise computing environment, the computer program instructions comprising: program code to probe the enterprise computing environment to discover the plural file systems; program code providing each of the plural file systems discovered with a software agent that runs locally in the file system to collect file system access activity local to the file system together with network segment traffic that is visible to the software agent; program code providing each of the plural file systems with a security policy, the security policy defining one or more file system access activities to be monitored and enforced at the file system by the software agent; program code receiving from each of the plural file systems audit trail data, the audit trail data having been generated locally as file system access activity is intercepted at the file system by the software agent in accordance with the security policy, the audit trail data including any network segment traffic that is visible to the software agent, and one or more classifiers generated by the software agent to classify file system activity that involves sensitive data or application-specific details; and program code storing the audit trail data received from the plural file systems; and program code applying the security policy against the audit trail data received from at least one of the plural file systems and, in response thereto, to take a given action; wherein the security policies for the plural file systems are managed and applied centrally for the enterprise computing environment to provide an enterprise-wide view of monitoring and auditing of file system access for the plural file systems while file access activity is collected, enforced and classified locally by the software agent.

9

9. The apparatus as described in claim 8 wherein the computer program instructions further include program code sending the audit trail data to a central location remote from the plural file systems.

10

10. The apparatus as described in claim 8 wherein the given action is one of: issuing an alert, performing an audit activity, restricting access to a file system resource, and reporting on the file system access activity.

11

11. The apparatus as described in claim 8 wherein the audit trail data is received continuously and in real-time with respect to the file system access activity.

12

12. The apparatus as described in claim 8 wherein the security policy provided to a first file system differs from the security policy provided to a second file system distinct from the first file system.

13

13. The apparatus as described in claim 8 wherein the computer program instructions further include program code defining the security policy, the security policy having one or more file system-specific rules.

14

14. The apparatus as described in claim 13 wherein the given action taken is based on the one or more file system-specific rules.

15

15. A computer program product comprising computer program instructions on non-transitory computer-readable media, the computer program instructions executed by a processor to improve a file system monitoring system operating in association with plural file systems in an enterprise computing environment, the computer program instructions comprising: program code to probe the enterprise computing environment to discover the plural file systems; program code providing each of the plural file systems discovered with a software agent that runs locally in the file system to collect file system access activity local to the file system together with network segment traffic that is visible to the software agent; program code providing each of the plural file systems with a security policy, the security policy defining one or more file system access activities to be monitored and enforced at the file system by the software agent; program code receiving from each of the plural file systems audit trail data, the audit trail data having been generated locally as file system access activity is intercepted at the file system by the software agent in accordance with the security policy, the audit trail data including any network segment traffic that is visible to the software agent, and one or more classifiers generated by the software agent to classify file system activity that involves sensitive data or application-specific details; and program code storing the audit trail data received from the plural file systems; and program code applying the security policy against the audit trail data received from at least one of the plural file systems and, in response thereto, to take a given action; wherein the security policies for the plural file systems are managed and applied centrally for the enterprise computing environment to provide an enterprise-wide view of monitoring and auditing of file system access for the plural file systems while file access activity is collected, enforced and classified locally by the software agent.

16

16. The computer program product as described in claim 15 further including program code sending the audit trail data to a central location remote from the plural file systems.

17

17. The computer program product as described in claim 15 wherein the given action is one of: issuing an alert, performing an audit activity, restricting access to a file system resource, and reporting on the file system access activity.

18

18. The computer program product as described in claim 15 wherein the audit trail data is received continuously and in real-time with respect to the file system access activity.

19

19. The computer program product as described in claim 15 wherein the security policy provided to a first file system differs from the security policy provided to a second file system distinct from the first file system.

20

20. The computer program product as described in claim 15 wherein the computer program instructions further include program code defining the security policy, the security policy having one or more file system-specific rules.

21

21. The computer program product as described in claim 20 wherein the given action taken is based on the one or more file system-specific rules.

Patent Metadata

Filing Date

Unknown

Publication Date

October 29, 2019

Inventors

Sean Christopher Foley
Christopher J. Berube
Sagi Shechter

Want to explore more patents?

Browse 5M+ US patents with plain-English claim translations and AI-generated analysis.

Citation & reuse

Analysis on this page is generated by Patentable — an AI-powered patent intelligence platform. AI-generated summaries, explanations, and analysis may be reused with attribution and a visible link back to the canonical URL below. Patent abstracts and claims are USPTO public domain.

Cite as: Patentable. “File system monitoring and auditing via monitor system having user-configured policies” (10462183). https://patentable.app/patents/10462183

© 2026 Patentable. All rights reserved.

Patentable is a research and drafting-assistant tool, not a law firm, and does not provide legal advice. Documents we generate are drafts for review by a licensed patent attorney.